Recovered files for client. Looking to see what tools were used on this attack. Attached is an image from what appears to be an older piece of software used to separate my client from his data. Does anyone recognize the program?

In this tutorial we will remove the Syskey startup password and reset the administrator password. Syskey is an additional layer of security. An average user barely implements it. Scammers take advantage of this tool to scam. Scammers usually contact the computer owner, identifying themselves as members of the Microsoft support team. They will inform you that your PC has a number of critical problems that need to be fixed immediately or your system will fail to work properly. They will convince you to allow them to connect to the system remotely and fix the issues. If you do make the mistake of letting them connect, they will ask you to pay $$$ for the fix. If you refuse to pay, they will enact SysKey encryption on the SAM registry hive.

Post subject: Re: can you identify this software used to attack a client?

Posted: January 17th, 2016, 15:41

Joined: January 8th, 2008, 5:21 | Posts: 812 | Location: uk

I had one of these yesterday. There were no system restore points available but I managed to restore the registry manually from the backup located in the windows\system32\config folder to the date/time before the scammers got into the system. I have read some of those lowlifes even delete the backup in some cases. I presume in these particular cases the user data remains unencrypted as the Syskey utility is only used to lock the user out of the system?

Post subject: Re: can you identify this software used to attack a client?

Posted: January 18th, 2016, 0:59

Joined: February 13th, 2010, 9:44 | Posts: 207 | Location: san diego, ca.

Yes, only the registry gets encrypted, so data is fine. Not so lucky on repair: the backup registry method did not restore a working system. Going to try and find deleted system restore points, but given the evidence of a wipe program added to this system, I suspect the worst. Easier to reinstall.
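The check discussed in the replies above (confirming that a registry backup predates the intrusion before restoring it), as an added example that is not part of any post in this thread. It assumes the affected Windows volume is mounted on a workbench machine and that the hive backups sit in the `RegBack` subfolder of `windows\system32\config`; the function names are hypothetical, and requiring all five hives to be usable is this example's own conservative choice.

```python
import os
from datetime import datetime

# The five hive files Windows keeps in System32\config (and backs up to RegBack).
HIVES = ("SAM", "SECURITY", "SYSTEM", "SOFTWARE", "DEFAULT")

def assess_regback(config_dir, incident_time):
    """Classify each hive backup in <config_dir>/RegBack against incident_time.

    Returns {hive: status}, where status is one of:
      'usable'  - backup exists, is non-empty, and was written before the incident
      'too_new' - backup was written at or after the incident (may hold the locked state)
      'empty'   - backup file is 0 bytes
      'missing' - no backup file (for example, deleted)
    """
    cutoff = incident_time.timestamp()
    regback = os.path.join(config_dir, "RegBack")
    report = {}
    for hive in HIVES:
        try:
            st = os.stat(os.path.join(regback, hive))
        except FileNotFoundError:
            report[hive] = "missing"
            continue
        if st.st_size == 0:
            report[hive] = "empty"
        elif st.st_mtime >= cutoff:
            report[hive] = "too_new"
        else:
            report[hive] = "usable"
    return report

def restore_is_consistent(report):
    """Assumption of this example: only attempt a restore when every hive
    has a usable pre-incident backup, so the restored set is from one point in time."""
    return all(status == "usable" for status in report.values())

if __name__ == "__main__":
    import sys
    # Usage: script.py <mounted ...\System32\config path> <incident time, ISO 8601 local>
    rep = assess_regback(sys.argv[1], datetime.fromisoformat(sys.argv[2]))
    for hive, status in rep.items():
        print(f"{hive:9} {status}")
    print("all hives restorable:", restore_is_consistent(rep))
```

Run it before copying anything, and work on an image or read-only mount so the timestamps being compared are not disturbed.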
